Before the flaming begins, I must point out that I have completed the mission, but there is something about it that bugs me. Hard.

For those of you who did the challenge years ago, what you have to do is basically decode a huge string using JS / FF.The problem is that I did it manually, I started off manually converting hex to ascii on paper, but as you might assume, it took a while, so I got lazy and used a random hex->ascii converter for several parts and slowly put the pieces together.

The problem is - people claimed this mission to be one of the easiest ever and solvable in like 10 seconds, while I spent approximately 2 hours trying to make out how to get the decoded/processed output of a page from firefox, but to no avail. People even claimed it to be unnecessary to use JS in that challenge, and said that the "password just jumped at their face after staring at the code for 10 seconds".

I feel like a blockhead and a dumbass, seeing how I was unable to do what all the variety of illiterate, '95+ model kids could achieve. What am I not seeing? And before someone blindly points me to a W3S tutorial or something like that - I must point out that I have taken plenty of tutorials, but they did not seem to help me here.

I tried the method you mentioned, but only some parts of the strings would be successfully decoded. Besides, although may be possible doing it that way, it is by no means done in the blink of an eye, so I think there is something really "easy and obvious" we're missing here

Check the if-statement. I'm not sure, but it seems like the obfuscation is simply a decoy (I'm saying that without having actually decoded the string). The mission can be solved by looking at the if-statement, which seems to contain a very basic vulnerability.

The reason you're having so much trouble doing it by hand, is just that, you're doing it by hand. Many of the people here popped opn Firebug to see what the source code looks like. But the thing is, Firebug has the decency to translate it to ASCII for us.

mShred wrote:The reason you're having so much trouble doing it by hand, is just that, you're doing it by hand. Many of the people here popped opn Firebug to see what the source code looks like. But the thing is, Firebug has the decency to translate it to ASCII for us.

I can't believe it was actually that simple. Well, I am certainly happy that I found out how to decode it manually and not just let a plugin solve all my problems. =) Feels really good to understand what's happening behind the curtains ^_^

krystah wrote:Well, I am certainly happy that I found out how to decode it manually and not just let a plugin solve all my problems. =) Feels really good to understand what's happening behind the curtains ^_^